How 17 Lines of Code Took Down Silicon Valley's Hottest Startups

Yesterday at 2:35 PST, one developer clicked one button on a site that broke the codebase of some of the hottest startups in the country.Rewinding a little bit, a few weeks ago a developer named Azer Koçulu got an email from a patent lawyer asking him to remove one of his open source project from NPM, a directory of Open Source JavaScript code that is used by most JavaScript developers.Azer wasn't interested in taking the project down and told the lawyer he wouldn't comply.Ultimately, the lawyer won, convincing NPM to transfer ownership of the Open Source code. While the one project that was transferred wasn't a huge incident, Azer decided to remove all of his work from NPM. He talked about the experience on his medium profile.This includes one package called left-pad, which happened to have a single file that was exactly 17 lines of code.Silicon Valley startups are a hotbed of using the state of the art JavaScript tooling. Companies like AirBnB, Netflix, ProductHunt, Facebook and a lot more are using ReactJS. And most are using two other technologies too: WebPack and Babel.It turns out, in order for Babel-dependent applications to work...left-pad, this silly 17 lines of code, needed to be in NPM. Immediately, tens (if not hundreds) of thousands of developers would be unable to run the command to install their application on any machine.Laurie Voss, founder of NPM, took to Twitter to explain what the heck was going on.

Hey npm users: left-pad 0.0.3 was unpublished, breaking LOTS of builds. To fix, we are un-un-publishing it at the request of the new owner.